CVE-2025-47809
Published 2025-05-16
Priority P338 · high · 8.2 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.14% (3.3th percentile)
Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the CodeMeter Control Center component must not have been restarted. In this scenario, the local user can navigate from Import License to a privileged instance of Windows Explorer.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wibu | codemeter | < 8.30a | 8.30a |
GHSA
GHSA-2rfr-r5fg-2857: Wibu CodeMeter before 8
ghsa_unreviewed·2025-05-16
CVE-2025-47809 [HIGH] CWE-272 GHSA-2rfr-r5fg-2857: Wibu CodeMeter before 8
CISA ICS
Siemens Desigo CC Product Family and SENTRON Powermanager
cisa_ics·2025-08-19·CVSS 8.2
[HIGH] Siemens Desigo CC Product Family and SENTRON Powermanager
ICS Advisory
## Siemens Desigo CC Product Family and SENTRON Powermanager
Release Date: August 19, 2025
Alert Code: ICSA-25-231-01
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: Desigo CC Product Family and SENTRON Powermanager
- Vulnerability: Least Privilege Violation
## 2. RISK EVALUATION
Succe
CISA ICS
Siemens Wibu CodeMeter Runtime
cisa_ics·2025-08-14
ICS Advisory
## Siemens Wibu CodeMeter Runtime
Release Date: August 14, 2025
Alert Code: ICSA-25-226-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Low Attack Complexity
- Vendor: Siemens
- Equipment: Wibu CodeMeter
- Vulnerability: Least Privilege Violation
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local u
No detection rules found.
No public exploits indexed.
2025-05-16
Published